Rating: 
Summary: Security that works!
Review: This book is at the top of my list when it comes to Linux security books. It
has more information on securing Linux than any other I've read. And when I
say Linux, I mean Linux not the plethora of applications and servers that run
on Linux. Granted, it touches on some of the more "standard" servers, like
Apache, Sendmail, and Samba. But the majority of the book is dedicated to
securing Linux, servers, and applications in general. So, if you are looking
for a book to tell you how to lock-down ProFTPD, this isn't it. Because of
this limited scope, unlike other Linux security books that try to cover
everything imaginable, it manages to cover the topic thoroughly.The book starts off with "quick fixes" and then moves on to more advanced
security issues. This is done so that you can get your system relatively
secure as soon as possible, and deal with securing some of the more obscure
and complex things in a progressive nature. It deals with just about everything from making your users choose hard to crack passwords, to defining
a written security policy, to collecting information about break-ins and
getting law enforcement involved. This is a real well rounded and robust
book. Two things make this an awesome addition to any Linux user or administrator's
collection. First, the author knows Linux inside and out. I was quite
surprised to see security solutions that include kernel modifications as an
option. In addition to his knowledge of Linux, the author has a very jovial
writing style that you seldom find in books of a technical nature. I felt no
need to force myself to read this book, because the author's writing style
was engaging kept my attention. Second, the author (and Prentice Hall)
included a CD with the book that contains software that the author wrote or
modified (to extend its functionality and/or usefulness). The CD itself is
worth the price of the book alone. This book is a good buy and I would recommend picking up a copy of this book
if you are running Linux in a business or home environment.
Rating:
Summary: Useful but should have been online
Review: This book is exactly what its title says. It is for those who want to identify the many security holes and some of the common fixes. Bob Toxen gives very good references on finding other security tools on the web and in the library. A useful feature of the book is a discussion of the lastest security software. The danger however is that this will make the book outdated quite fast. for instance, the author talks about ipchains not iptables. Also he misses references to trusty software such as cryptfs (though there is a reference to ppdd). The book is a must-have as a reference. It would have been more useful if it was available online.
Rating:
Summary: Worth the money and the time!
Review: This book is probably what you are looking for. A huge volume that covers several Linux security tasks, from passwords to permissions to X services to... In a clear and step by step approach that helps to centralize much knowledge and techniques in a single book. What is possibly as important as the quality of the content: it is highly readable. You will enjoy every second of reading. An excellent choice
Rating:
Summary: A useful book
Review: This book is written in clear prose and is easily understood. His description of attacks and how to defend against them is fascinating and extensive. He has a section titled "Obscure but Deadly Problems". I fear they are not as obscure as one would hope, as I have encountered such problems. The historical notes, such as that of the Symlink Attack (section 6.8.3 in the grey box on page 298), allow the reader a deeper level of understanding. The resources and instructions for finding the attacker's system given in chapter 20 are very useful.
Rating:
Summary: Practical approach
Review: This book provides a very good approach to security, both from a theoretical and practical standpoint. Pragmatism is key for good security. I advise it for any person/organization that want to harden its servers from malicious intentions and make life more complex for crackers (more time spent in cracking the system, more occasions to be detected and more risks).
Rating: 
Summary: All credibility lost
Review: This book was doing OK as a general intro to Linux security. I had differences of opinion here and there, but overall the book was fairly accurate. As a very simple intro book, this is pretty good. If you're looking for any real depth, you're better off with HOWTOs. When Toxen suggested that the most secure Linux distribution was RedHat, I realized he must not have as much experience as he claims. Not even counting the secure distros like Immunix, even sstandard Debian and SuSE distros have enhanced security features and much more sane defaults. That simple statement destroyed any credibility Toxen had managed to build with me. Looking back, I found that my differences of opinion were more substantial than I'd thought. I'm on the lookout for a new Linux security book now.
Rating:
Summary: Security that works!
Review: Too much of this book that is supposed to be about Linux Security is instead about paperwork, or general computer security, as opposed to linux/unix security. There are many books out there that do a far better job helping you create user policies and all that paperwork that the folks in HR want to have for legal purposes. SANS has a wealth of this stuff, and it's better to just read/copy it from online if you need that stuff. Instead, I'd prefered that this book had more Linux security 'grit'. I'm not displeased with what is here, but the amount of the book that covers topics that are not useful or on point is dissapointing.
Rating:
Summary: Should get a better focus
Review: Too much of this book that is supposed to be about Linux Security is instead about paperwork, or general computer security, as opposed to linux/unix security. There are many books out there that do a far better job helping you create user policies and all that paperwork that the folks in HR want to have for legal purposes. SANS has a wealth of this stuff, and it's better to just read/copy it from online if you need that stuff. Instead, I'd prefered that this book had more Linux security 'grit'. I'm not displeased with what is here, but the amount of the book that covers topics that are not useful or on point is dissapointing.
Rating:
Summary: packed with great tips
Review: When my system got hacked, a friend loaned me the first edition of Bob Toxen's book. I'm glad to see the second edition out, and I just ordered it. This book is really handy, and packed with great tips about securing your system. It also contains a lot of good anecdotes, so it's much more than a dry how-to book. I highly recommend it.
Rating:
Summary: The best book on Linux security - period.
Review: With shelves of GNU Linux and Unix security books out there, choosing which ones to grace your bookshelf with can be difficult. Real World Linux Security is a hands down winner, covering every aspect of Linux system security. With many books being a tired rehash of the same tips designed to harden your system against script-kiddies, this book goes many steps further into protecting your systems against skilled crackers, and exploring advanced cracking techniques, and defenses against them. Something missing from most other books, this book has extensive coverage on preparing for an attack, how to tell if your system has been cracked, and what to do afterwards (contrary to what your instincts may tell you, don't just pull the plug!) If you have only one Linux security book, this is definitely the one. As a bonus, the book is excellently indexed, and has frequent references to other parts of the book where appropriate, making it easy to navigate.
| 
